Dunedin continues to be struck by ransomware attacks. We have had yet another client struck this week. While this keeps our techs busy, I think we can all agree that avoiding these attacks is preferable. We must be on the lookout for Cryptolocker, Cryptowall and CryptoDefense, which have all been successfully deployed in Dunedin networks, causing grief for all involved.

Ransomware is a type of malware that encrypts files on a system’s hard drive using an unbreakable key; the files are decrypted by the attacker once a ransom is paid.

PREPARE FOR RECOVERY

1. BACK IT UP

The most reliable way to recover from a ransomware attack depends largely on having a good backup policy for your data. For your backups to be considered "good", there must be multiple (more than three) separate full backups, going back in time. If, for example, you back up to two external hard drives, where the drives are swapped out once per day, this number should be increased to at least four or five disks rotated in order.

Because some ransomware will try to encrypt data on connected network shares and removable drives, it is likely that the most recent backup is also infected, leaving you with only one not-yet-connected drive with all of your data. It is very dangerous to rely on this one disk, as it may have become corrupt itself (as data does from time to time), or you may not realise you have been infected until you have swapped the backup drives, causing your final backup drive to also be encrypted. This leaves you with no option but to pay the ransom.

In addition to making sure you have multiple backups, you must also ensure that the backups retain their quality, as data can become corrupt over time. To ensure your backups are good quality, each backup drive should be checked at least monthly.
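The monthly drive check described above can be scripted: record a hash of every file when a backup is taken, re-check each rotated drive against that record, and count how many drives still verify. This is an added example, not Decision1's own tooling; the function names, the `MIN_GOOD_BACKUPS` constant and the five sample drives are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

MIN_GOOD_BACKUPS = 4  # assumption: encodes the article's "more than three" full backups

def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(root):
    """Hash every file on a backup drive right after the backup completes."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_backup(root, manifest):
    """Compare a drive against the manifest recorded when it was written."""
    current = build_manifest(root)
    missing = sorted(set(manifest) - set(current))
    changed = sorted(n for n in manifest if n in current and current[n] != manifest[n])
    return {"missing": missing, "changed": changed, "ok": not missing and not changed}

def rotation_report(drives):
    """drives maps a label to (root, manifest); returns the monthly check result."""
    results = {label: verify_backup(root, m) for label, (root, m) in drives.items()}
    good = [label for label, r in results.items() if r["ok"]]
    return {"results": results, "good": good, "policy_met": len(good) >= MIN_GOOD_BACKUPS}

def demo():
    """Constructed sample: five rotated drives, one corrupted, one encrypted."""
    base = Path(tempfile.mkdtemp())
    drives = {}
    for i in range(1, 6):
        root = base / f"drive{i}"
        (root / "accounts").mkdir(parents=True)
        (root / "accounts" / "ledger.csv").write_text("date,amount\n2016-01-01,100\n")
        (root / "letters.txt").write_text("constructed sample data\n")
        drives[f"drive{i}"] = (root, build_manifest(root))
    # Drive 4: silent corruption of one file (contents differ from the manifest).
    (base / "drive4" / "letters.txt").write_text("constructed sample dat\x00\n")
    # Drive 5: original file gone, replaced by an encrypted copy under a new name.
    victim = base / "drive5" / "accounts" / "ledger.csv"
    victim.rename(victim.with_name("ledger.csv.encrypted"))
    return rotation_report(drives)

if __name__ == "__main__":
    report = demo()
    print(report["good"], report["policy_met"])
```

Keep the manifests somewhere other than the backup drives themselves, so that damage to a drive cannot also alter the record it is checked against.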

AVOID BECOMING INFECTED

1. ANTIVIRUS

If you don't already have it, get it. If it's connected to the internet, it MUST have antivirus, no exceptions. Also, the antivirus must be up to date. Make sure you keep up to date with your renewals. Free antivirus products are not strong enough for your business. If your business is using AVG or Windows Defender, or any other free product, change it immediately to a paid product.

2. MAIL FILTER

If you don't have a mail filter, now is the time to get one. MailMarshal, SMX, Office365: they all do a great job, and while they won't catch everything, they will significantly reduce the number of suspicious attachments getting onto your site.

3. FIREWALL

If you don't already have a firewall, get one. The Fortinet Firewall is a cost-effective and efficient firewall that can further restrict unauthorised external access. This is especially important if you have remote access into your site.

5. PASSWORD STRENGTH

Your password is a vital part of your security system. Your dog's name is not good enough. Neither is 1234! For security, a pass phrase is your best friend (rather than complexity). Something like ilovemypoochierexbecasueheisadorable. Or even better... MyBeautifulRexWasBornIn2011! These phrases are easier to remember, and practically impossible to crack. If your username and password are both "admin", then you are asking for trouble! If you want to check your password strength, use this checker and find out how long it would take to crack: https://howsecureismypassword.net/

DON'T MAKE IT WORSE!

1. DON'T OPEN THAT ATTACHMENT

Most ransomware is delivered via email, typically opportunistically, with a common theme being shipping notices from delivery companies. In addition, the emails now look much more legitimate than they previously did, so email attachments can be more tempting to open. However, ransomware is also delivered via download attacks on compromised websites, and this style of infection is much harder to avoid.

2. TURN IT OFF!

If you think you have opened a suspicious attachment by mistake, turn off your computer and call Decision1. This can restrict the attack because the ransomware hopefully won’t get the chance to establish a connection with its control server to complete the encryption routine.

CHECK YOUR PREPARATIONS REGULARLY

1. Check your preparations are in place

At least once per month you need to check that your preparations are in place and are functional. This includes antivirus checks, a backup check and test restore, firewall operations, and confirming that patching is up to date.

2. Get Decision1 to do your checks for you

We have managed services set up especially for this reason. Let us take the worries away and do all the monthly checks that you need to keep your business data safe.

A common complaint we hear is that a fault was not fixed on the first attempt. Often a fault is resolved for only a few hours or days, and a tech needs to fix it again before the fault is finally resolved for good. This can be a frustrating process for all involved, and can leave you thinking that the tech working on the issue wasn't skilled. However, this could not be further from the truth. Is it possible that the tech working on your issue isn't skilled? Yes. Is the fact that they didn't fix it 'properly' the first time an indication that they don't know what they are doing? No.

IT faults are often not straightforward, and fixing them requires some degree of luck along with the necessary skills. The problem is the incredibly complicated nature of a computer system and network, which combine to create faults that look the same but could have anywhere between 100 and 1000 different causes. In some cases a single fault can have multiple causes.

Over many generations of techs, we have settled on a system that works efficiently, but the execution of that process can vary widely between techs and companies. This system is the "Most Likely, Probably, Possible, Not Likely, Impossible" process where a tech will use their experience (and the experience of their colleagues) to determine the possible causes of an issue, and rank them according to the system. From there they apply their best option and wait to see if the problem continues to be resolved.

An example Issue: A machine that is running slowly. A standard diagnosis for a slow machine looks similar to this:

Most Likely: The machine is running low on resources.
Fix this cause by: Making more space on the hard drive, cleaning out temp files etc.

Probably: The machine is infected by malware, which is hogging the resources.
Fix this cause by: Removing the malware.

Possible: The machine is being over-utilised by the software/hardware it is required to run.
Fix this cause by: Adding additional RAM, upgrading the hard drive.

Not Likely: The machine components are worn out, such as the RAM or CPU.
Fix this cause by: Replacing components, or more likely the whole machine.

Impossible: There are gremlins that live in the machine, that hate you and want to ruin your day.
Fix this cause by: Replacing the machine, so the gremlins are someone else's problem.

Now, you are probably reading this and thinking that this process all looks quite straightforward. Well, not quite, because the process is a nested one. For each "Most Likely, Probably, Possible, Not Likely, Impossible" cause, there is a "Most Likely, Probably, Possible, Not Likely, Impossible" list for each "Fix" as well. Let's look at the "Most Likely" cause above. The "Fix" listed is simply the "Most Likely" fix. The actual list looks more like this:

An Issue we know the cause of: The machine is running slow, because the machine is running low on resources.

Most Likely will Fix: Make more space on the hard drive, clean out temp files etc

Not Likely to Fix: Uninstall Java, Adobe and other "add-on" software

Impossible to Fix: Uninstall antivirus software (which may solve the problem, but will cause another, i.e. you have no antivirus)

What I am trying to demonstrate is how almost infinitely complicated it can be to solve a seemingly simple problem. Our "machine is running slowly" example has the following nested solution(s):

1. Most Likely Cause of the issue
   a) Most Likely will Fix
   b) Probably will Fix
   c) Possibly will Fix
   d) Not Likely to Fix
   e) Impossible to Fix
2. Probable Cause of the issue
   a) Most Likely will Fix
   b) Probably will Fix
   c) Possibly will Fix
   d) Not Likely to Fix
   e) Impossible to Fix
3. Possible Cause of the issue
   a) Most Likely will Fix
   b) Probably will Fix
   c) Possibly will Fix
   d) Not Likely to Fix
   e) Impossible to Fix
4. Not Likely to have Caused the issue
   a) Most Likely will Fix
   b) Probably will Fix
   c) Possibly will Fix
   d) Not Likely to Fix
   e) Impossible to Fix
5. Impossible to have Caused the issue
   a) Most Likely will Fix
   b) Probably will Fix
   c) Possibly will Fix
   d) Not Likely to Fix
   e) Impossible to Fix

As you can see, solving IT issues can be, but is not always, straightforward. Even though sometimes we seem like heroes and sometimes we seem like idiots, how you see us often comes down to whether the solution to your problem was a 1a or a 5e!

We are asked more and more, 'Can I back up to the cloud? The future is now, right?' The short answer is yes, you can! Here is how you can do it.

Step 1: DIY or Managed?

DIY Option: https://mozzie.co.nz/
With a plan from $75 per month (per GB plan) you can back up 100GB of files across multiple machines, and keep the files available for up to 30 days.

Managed Option: www.decision1.co.nz
With a Desktop or Server plan from $100 per 100GB per month, we will set it all up for you and monitor it to make sure it continues to operate correctly.

Step 2: What kind of Internet connection will I need?

This will depend on how much data is changed from day to day, but we recommend at least a Fibre Connection, preferably a Gigabit connection if possible.

Step 3: Set It Up

If you picked the DIY option, then you can set it all up yourself: figure out what files you need to back up, install the software (read the instructions!), send off your seed data and you are set. If you prefer, we can help you with this part. Once set up, you will only need to regularly make sure it continues to back up as expected.

If you picked the Managed option, we set it all up for you and monitor it for you too. Managed backup is a (mostly) set and forget option.

Step 4: Manage It

Setting and forgetting is not a good idea when it comes to backups. Whether you picked the DIY option or the Managed option you will want to keep an eye on the amount of data going through your internet connection (unless you have an unlimited plan).

If you picked the DIY option, you will also want to make sure the backups continue to run as expected. Backup software is notoriously unreliable, so regular manual checks are 100% necessary, otherwise Murphy's Law will dictate that once a restore is required, your backups will have been failing!

On occasion, communications go awry and we miss important jobs. We hate it when that happens (and so do you!) so here is a quick run-down of the best way to get hold of us, to make sure you get heard!

Start by... Sending Us an Email

Send an email to helpdesk@decision1.co.nz detailing your issue and the email heads straight into our ticketing system, figures out who you are, assigns your normal tech and sends you and the tech an email so you both know what's going on.

Or... Use the Portal

Go to www.decision1.co.nz and press LOGIN to go to your portal. You can create a new ticket from here, and check up on your other tickets while you are there.

Don't have a login? Send us an email and we will set you up with one.

You Can Call Us...

Prefer to chat? We love to chat, so give us a call at the office on 03 471 8232. We will make sure your request gets logged.

Last Resort... Call your Tech Directly

If you have exhausted every other avenue, you could call your tech directly, if you are lucky enough to have his number... but be warned! Techs are notoriously fickle creatures that generally hate admin tasks, like recording messages or logging jobs! And if they are busy working on a ticket (and they always are) you might just find your request in the "I'll get to that later" pile...

Dunedin has been struck by a number of ransomware attacks recently, keeping our techs very busy. Cryptolocker, Cryptowall and CryptoDefense have all been successfully deployed in Dunedin networks, causing grief for all involved.

Ransomware is a type of malware that encrypts files on a system’s hard drive using an unbreakable key; the files are decrypted by the attacker once a ransom is paid. But there are simple ways to avoid the after-effects of ransomware.

1. DON'T OPEN THAT ATTACHMENT

Most ransomware is delivered via email, typically opportunistically, with a common theme being shipping notices from delivery companies. In addition, the emails now look much more legitimate than they previously did, so email attachments can be more tempting to open. However, ransomware is also delivered via download attacks on compromised websites, and this style of infection is much harder to avoid.

2. BACK IT UP

The most reliable way to recover from a ransomware attack depends largely on having a good backup policy for your data. For your backups to be considered "good", there must be multiple (more than three) separate full backups, going back in time. If, for example, you back up to two external hard drives, where the drives are swapped out once per day, this number should be increased to at least four or five disks rotated in order.

Because some ransomware will try to encrypt data on connected network shares and removable drives, it is likely that the most recent backup is also infected, leaving you with only one not-yet-connected drive with all of your data. It is very dangerous to rely on this one disk, as it may have become corrupt itself (as data does from time to time), or you may not realise you have been infected until you have swapped the backup drives, causing your final backup drive to also be encrypted. This leaves you with no option but to pay the ransom.

In addition to making sure you have multiple backups, you must also ensure that the backups retain their quality, as data can become corrupt over time. To ensure your backups are good quality, each backup drive should be checked at least monthly.

3. ANTIVIRUS

If you don't already have it, get it. If it's connected to the internet, it MUST have antivirus, no exceptions. Also, the antivirus must be up to date. Make sure you keep up to date with your renewals.

4. MAIL FILTER

If you don't have a mail filter, now is the time to get one. MailMarshal, SMX, Office365: they all do a great job, and while they won't catch everything, they will significantly reduce the number of suspicious attachments getting onto your site.

5. FIREWALL

If you don't already have a firewall, get one. The Fortinet Firewall is a cost-effective and efficient firewall that can further restrict unauthorised external access. This is especially important if you have remote access into your site.

7. TURN IT OFF!

If you think you have opened a suspicious attachment by mistake, turn off your computer and call Decision1. This can restrict the attack because the ransomware hopefully won’t get the chance to establish a connection with its control server to complete the encryption routine.

8. BUT WAIT, THERE'S MORE...

For more info on how to keep yourself safe, these sites have comprehensive lists of tasks that can help reduce your risk.

Author

As a Director of Decision1 for 15 years, Victoria Murgatroyd-McNoe has seen good and bad IT decisions that can drive the success or failure of a business. Here she shares her experiences so we can learn from them.